--- docman.php	2002/07/29 12:04:43	1.27
+++ docman.php	2002/07/29 12:34:18	1.29
@@ -230,7 +230,7 @@
 	}
 	if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {  
 		$info  = getimagesize($fsPath) ;
-		$tstr = "<IMG SRC=\"$webRoot".urlpath($relPath)."\" BORDER=0 " ;
+		$tstr = "<IMG SRC=\"$self?A=V&D=".urlpath(dirname($relPath))."&F=".urlpath(basename($relPath))."\" BORDER=0 " ;
 		$tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
 		$tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
 //		echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
@@ -481,18 +481,10 @@
 
 //////////////////////////////////////////////////////////////////
 
-function GifIcon($txt) {
-	global $gblIconLocation ;
+function GifIcon($txt = "") {
+	global $gblIconLocation, $gblImages ;
 
 	switch (strtolower($txt)) {
-	case ".bmp" :
-	case ".gif" :
-	case ".jpg" :
-	case ".jpeg":
-	case ".tif" :
-	case ".tiff": 
-		$d = "image2.gif" ;
-		break ;
 	case ".doc" :
 		$d = "layout.gif" ;
 		break ;
@@ -570,9 +562,14 @@
 		$d = "quill.gif";
 		break;
 	default :
-		$d = "generic.gif" ;
+		if (in_array(strtolower($txt),$gblImages)) {
+			$d = "image2.gif" ;
+		} else {
+			$d = "generic.gif" ;
+		}
 	}
 
+
 	return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
 } // end function GifIcon
 
@@ -1769,6 +1766,9 @@
 			$target = "$fsDir/$FILENAME";
 		}
 
+		if (! check_perm("$relDir/".basename($target), trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to upload <tt>$relDir/".basename($target)."</tt> without valid trustee.",1);
+
 		// backup old files first
 		$dir=dirname($target);
 		if (! file_exists($dir."/.bak")) {
@@ -1797,10 +1797,14 @@
 	case "SAVE" :
 		$path = $gblFsRoot . $RELPATH ;
 		$path=stripSlashes($path);
+
+		if (! check_perm("$RELPATH", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to save <tt>$RELPATH</tt> without valid trustee.",1);
+
 		$writable = is_writeable($path) ;
 		$legaldir = is_writeable(dirname($path)) ;
 		$exists   = (file_exists($path)) ? 1 : 0 ; 
-// check for legal extension here as well
+		// FIX: more verbose error message
 	 	if (!($writable || (!$exists && $legaldir))) 
 			Error("Write denied",$RELPATH) ;
 		$fh = fopen($path, "w") ;
@@ -1895,6 +1899,9 @@
 		if (substr($FN,0,4) != ".del") break ;
 		$file=substr($FN,4,strlen($FN)-4);
 
+		if (! check_perm("$relDir/$file", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to undelete <tt>$relDir/$file</tt> without valid trustee.",1);
+
 		LogIt("$fsDir/.del/$file","undeleted",trperm_w);
 		MoveTo("$fsDir/.del/$file","$fsDir/");
 		MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
